Digital Forensics & Incident Response Strategic Services Advanced Testing Services Managed Security Services
April 13, 2020
End User Security: Six Steps to Success

When global disasters like the current pandemic strike, we see an increase in IT cybersecurity threats. End user security must become a priority if companies are to protect their employees, critical data, brands and corporate identities.

In times such as these, we can all practice some basic end user security procedures. Here are CBI’s top six recommendations for individuals and organizations to ensure end user security.

1. Security Awareness Training

In light of recent global events, end user security has become a global priority for most organizations, remote and more recently at-home users. The endpoints (laptops/desktops) being used by remote and at-home users may not have the same layers of protection as they do when they are connected to or working within the corporate network.

Organizations are now challenged on several fronts.

  • Make sure you publish the organization’s acceptable use and safe internet usage policies.
  • Inform your remote users that they should continue to adhere to published security policies.
  • Provide contact information for remote users if they should need assistance securing their remote/home office space.
  • Consider posting basic security guidelines on the organization’s website and encourage end users to visit for security updates and recommendations.

2. Secure Mobile Devices

We all rely on our mobile devices to stay connected and conduct business. In times of global pandemic, our mobile devices take on a whole new level of importance and functionality. It’s hard to imagine how our society would handle a global pandemic without the convenience of these amazing devices.

This added reliance on our mobile devices must include the following security focused initiatives:

  • Enrolling mobile devices in your organization’s security protection platform. This must be simple and quick. You should be looking at solutions that secure the data being stored on end users personal and corporate owned devices.
  • Provide secure connections via a Virtual Private Network (“VPN”) for your remote users’ mobile devices.
  • Controlling the applications and data that are allowed on your remote users’ mobile devices. This is critical to maintaining corporate IT security and limiting the risk of data breach or malicious use of intellectual property.
  • Deployment of secure 2FA for mobile devices as they attach to the Internet and or corporate network.
  • Ensuring mobile devices are secure and remain secure. End users will oftentimes turn off default security settings that are designed to protect the device and the data stored on it. If your end users store any corporate data on their devices, you will want to make sure these settings are correctly configured.
  • Provide your remote users with a secure mobile email client. Most smartphones have a default email application. These default applications are not always secure nor can your organization monitor its use or the data being shared through it. Solutions exist that allow you to place a secure email client that users can and should use to access corporate data.

3. Home and Public Wi-Fi

Recent times require all of us to work from less secure locations than we are used to. It is extremely important that you and your end users understand the risks associated with using your mobile device while connected to a remote Wi-Fi network.

Public networks (by design) are never secure, meaning cybercriminals have a variety of ways to steal information that passes through the network. It is far too easy for a cybercriminal to intercept the network traffic coming from and going to your mobile device. User credentials can easily be obtained using what is known as a “man-in-the-middle” attack.

Fortunately, users and organizations have an option to prevent this by installing a Virtual Private Network (VPN) application on your remote and mobile devices. A VPN allows the user to create a secure connection to another network over the Internet. VPNs can be used to access region-restricted websites, shield your browsing activity from prying eyes on public Wi-Fi, etc.

4. Provide Secure Internet Browsing

When a user is connected to the corporate network, they gain a number of security advantages. One of these primary advantages is protection when browsing the Internet.  Remote users can lose that level of protection unless they have configured their endpoint properly. Organizations can provide access back into the secure corporate network by providing a secure VPN connection. Once connected, the remote users regain the benefits of being connected to the corporate network including a secure Internet browsing experience.

Organizations should also consider the deployment of a Client Access Security Broker (CASB) solution. A CASB can be installed on-premise or in the cloud. The CASB sits between users and cloud applications and services and monitors all activity and enforces security policies. Its most effective at monitoring what services are being used, if they are secure and most importantly if any users are storing or sharing corporate owned data in the cloud.

5. Remote Malware Detection and Response

The organizational workforce continues to work remotely. Organizations need to provide at-home and remote users with a cost-effective option for securing their personal computers, so employees who must use their personal home system to access corporate resources can do so safely and productively.

Organizations must also provide the same level of visibility and protection for remote corporate owned devices.

This level of protection must also include the ability to remotely respond if a remote users endpoint becomes infected.  This is important because any remotely connected endpoint that is infected can also infect the corporate network.

6. Two-Factor Authentication

Some may say it isn’t a matter of “if” you or your organization will fall victim to some type of security breach, but “when.” In that case, you need to already be thinking about how you can protect your users and the organizations sensitive data.

One of the most cost-effective ways to accomplish this is to implement a two-factor authentication (“2FA”) solution. Modern 2FA solutions can be rapidly deployed and have little impact on users.

Consider how you log into your own personal online bank account. Most, if not all, banks and credit unions are using 2FA already. 2FA is already a part of our lives. CBI recommends extending that same level of security to your organization. 2FA is most effective in stopping a cybercriminal from doing anything with your credentials.

Now more than ever, remote users should be authenticating to the corporate network using some form of 2FA.  This should also be adopted by remote users as a best practice when authenticating to any and all personal web-based services.

The End User Security Bottom Line

Ideally, to develop an effective end user security program, you are going to want to deliver on some or all of these above listed recommendations—in some capacity—in a highly scalable, flexible way—with minimal impact to end-users and administrators.

Content Sponsored by
Forcepoint is the global human-centric cybersecurity company transforming the digital enterprise by continuously adapting security response to the dynamic risk posed by individual users and machines. The Forcepoint Human Point system delivers Risk-Adaptive Protection to continuously ensure trusted use of data and systems. Based in Austin, Texas, Forcepoint protects the human point for thousands of enterprise and government customers in more than 150 countries. Learn more at www.forcepoint.com
About the Authors
CBI Dan Gregory
Dan Gregory
Senior Security Strategist
Dan has more than 15 years of field experience in performing regulatory compliance controls assessments and policy review. Dan has extensive experience in development and internal process audits with a focus on the financial, healthcare, manufacturing, and retail industries. Dan has performed countless controls assessments and efficiently deploys solution-based integrations designed to protect critical infrastructure, data, brand confidence, and reputation.
Remote Access Assessment
With more employees working remotely than ever, executives are concerned about fending off cyberattacks and ensuring system performance, all while defending employees, customers and data. Find out how CBI’s Remote Access Assessment can help. Learn More
I Need To...
S
Safeguard my data and my brand
Solutions
E
Envision my cybersecurity program
Digital Forensics & Incident Response
C
Comply with regulations
Strategic Services
U
Uncover what I have
Advanced Testing Services
R
Run my cybersecurity operations
Managed Security Services
E
Elevate my business
Why CBi